Home / News / In Boeing 787 Dreamliner detected a bulk of vulnerabilities in security systems

In Boeing 787 Dreamliner detected a bulk of vulnerabilities in security systems

At a Black Hat security conference in Las Vegas, IOActive researcher Ruben Santamarta presented several serious code vulnerabilities for the Boeing 787 Dreamliner aircraft component.

This component is known as the Crew Information Service / Maintenance System (CIS / MS). CIS / MS is responsible for applications such as maintenance systems and the so-called “electronic summer bag”, a collection of navigation documents and manuals used by pilots.

“Exploiting memory corruption vulnerabilities in CIS / MS allows an attacker to exploit these flaws to send commands to the much more sensitive components that control aircraft-critical safety systems, including engine, brakes, and sensors”, — Ruben Santamarta said.

Boeing categorically denies the possibility of such an attack and rejects the researcher’s claim about a potential attack vector. According to the company, additional security systems in CIS / MS do not allow exploiting the vulnerabilities presented.

Ruben Santamarta
Ruben Santamarta

Although Santamarta discovered the code in the public domain last year and acknowledges that he did not have complete information about aircraft systems, other avionics cybersecurity researchers agreed that the flaws found in the code constituted a neglect of cyber security by Boeing.

Read also: FBI warns that cybercriminals are looking for money laundering partners through dating sites

Santamarta also claims to have been able to spy on planes due to vulnerabilities in satellite communications equipment, such as antennas that send data to planes and modems inside the planes. All of them can be used remotely, without physical access to equipment.

“In our case, there was a configuration error that we corrected within two hours of notification last December. We have implemented additional layers of security to prevent similar actions”, — said Doug Murri, VP for operations at Global Eagle.

A spokesperson for Global Eagle also said that the company’s infotainment and Wi-Fi systems are separate from aircraft safety systems, indicating that there is no threat to the lives of passengers.

Pete Cooper, nonresident senior fellow at the Atlantic Council and formerly of the U.K. Ministry of Defense, said that the danger of such an attack is greatly exaggerated. He noted that even if hackers can access the antenna, they should have a permanent connection to a plane to use it.
[Total: 0    Average: 0/5]
User Review
0 (0 votes)
Comments Rating 0 (0 reviews)

About Daniel Zimmermann

Daniel Zimmermann has been writing on security and malware subjects for many years and has been working in the security industry for over 10 years. Daniel was educated at the Saarland University in Saarbrücken, Germany and currently lives in New York.

Check Also

Amazon introduced Access Analyzer

Amazon Introduces Access Analyzer – Cloud Basket Security Monitoring Service

Amazon developers unveiled Access Analyzer, a new cloud container control solution. The system uses mathematical …

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.